Mozilla Foundation Security Advisory 2008-04

Stored password corruption

Announced

February 7, 2008

Reporter

Justin Dolske

Impact

Moderate

Products

Firefox

Fixed in

Firefox 2.0.0.12

Description

Mozilla developer Justin Dolske discovered that
malicious sites, upon a user saving his or her password, could inject
newlines into Firefox's password store and corrupt saved passwords
for other sites.
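
The class of bug described above, shown as an added example that is not code from Firefox or from this advisory: a line-delimited credential store written without field validation, next to a writer that rejects delimiter characters. The record layout, function names and sample data are assumptions constructed for illustration and do not reproduce Firefox's actual storage format.

```javascript
// Added example. Constructed store format (an assumption, not Firefox's real
// file layout): origin, username, password on one line each, then a "." line.
const TERMINATOR = ".";

// Vulnerable writer: field values are written verbatim.
function serializeUnsafe(records) {
  return records
    .map(r => [r.origin, r.username, r.password, TERMINATOR].join("\n") + "\n")
    .join("");
}

// Reader: a later record for the same origin replaces an earlier one.
function parseStore(text) {
  const byOrigin = new Map();
  let fields = [];
  for (const line of text.split("\n")) {
    if (line === TERMINATOR) {
      if (fields.length >= 3) {
        byOrigin.set(fields[0], { username: fields[1], password: fields[2] });
      }
      fields = [];
    } else {
      fields.push(line);
    }
  }
  return byOrigin;
}

// Hardened writer: refuse any field the line-based reader could misread,
// including a value that is exactly the terminator line.
function checkField(name, value) {
  if (typeof value !== "string" || /[\r\n\0]/.test(value) || value === TERMINATOR) {
    throw new Error(`refusing to store ${name}: contains a record delimiter`);
  }
  return value;
}

function serializeSafe(records) {
  for (const r of records) {
    for (const name of ["origin", "username", "password"]) checkField(name, r[name]);
  }
  return serializeUnsafe(records);
}

// Constructed sample: the second entry's password carries embedded newlines.
const SAMPLE = [
  { origin: "https://bank.example", username: "alice", password: "correct-horse" },
  { origin: "https://untrusted.example", username: "alice",
    password: "x\n.\nhttps://bank.example\nalice\ngarbage" },
];
```

Reading back the output of serializeUnsafe(SAMPLE) yields a changed password for the first origin, while serializeSafe(SAMPLE) throws before anything is written.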

Workaround

Do not ask Firefox to save passwords on untrusted sites until
a version containing these fixes can be installed.